Shell/Fingerprints: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
imported>Burghardt |
imported>Burghardt |
||
| Zeile 2: | Zeile 2: | ||
* Back to [[Shell]] |
* Back to [[Shell]] |
||
| + | To verify a fingerprint you need to know the correct one. These to-be-verified correct fingerprints can be shown ''after'' you're logged in on the target server. Of course this is a classic chicken-and-egg problem situation. You need to get the correct fingerprints through an independent communication channel in beforehand. In our case that is the list below: |
||
| − | To verify a fingerprint you need to know the correct one... |
||
== Current fingerprints as of October 2017 == |
== Current fingerprints as of October 2017 == |
||
| Zeile 20: | Zeile 20: | ||
</pre> |
</pre> |
||
| − | * sha256: |
+ | * '''sha256''': |
<pre> |
<pre> |
||
~$ for F in /etc/dxs/shellX-ssh/*.pub ; do echo -e "\n$F:"; ssh-keygen -l -E sha256 -f $F; done |
~$ for F in /etc/dxs/shellX-ssh/*.pub ; do echo -e "\n$F:"; ssh-keygen -l -E sha256 -f $F; done |
||
Version vom 2. Oktober 2017, 12:46 Uhr
- Back to Shell
To verify a fingerprint you need to know the correct one. These to-be-verified correct fingerprints can be shown after you're logged in on the target server. Of course this is a classic chicken-and-egg problem situation. You need to get the correct fingerprints through an independent communication channel in beforehand. In our case that is the list below:
Current fingerprints as of October 2017
- md5 is deprecated but better than nothing:
~$ for F in /etc/dxs/shellX-ssh/*.pub ; do echo -e "\n$F:"; ssh-keygen -l -E md5 -f $F; done /etc/dxs/shellX-ssh/ssh_host_ecdsa.pub: 256 MD5:07:84:c9:e1:59:4f:03:75:69:b1:e4:d0:b4:1f:9a:cd root@nfsadm (ECDSA) /etc/dxs/shellX-ssh/ssh_host_ed25519_key.pub: 256 MD5:93:11:29:c4:a2:03:e1:2d:b1:82:05:74:dd:a5:3b:9a root@nfsadm (ED25519) /etc/dxs/shellX-ssh/ssh_host_rsa_key.pub: 2048 MD5:de:db:6e:72:52:de:30:73:db:bb:6e:79:df:f9:2c:0d root@nfsadm (RSA)
- sha256:
~$ for F in /etc/dxs/shellX-ssh/*.pub ; do echo -e "\n$F:"; ssh-keygen -l -E sha256 -f $F; done /etc/dxs/shellX-ssh/ssh_host_ecdsa.pub: 256 SHA256:L+FCMj2bm8x/BfR8AdaaLnqTmFD35D0EYNlFG7a2dt8 root@nfsadm (ECDSA) /etc/dxs/shellX-ssh/ssh_host_ed25519_key.pub: 256 SHA256:H4FLNG2aNYRZ3jxepIx5E0s0a2ZvtZbbmVLt56b+nK0 root@nfsadm (ED25519) /etc/dxs/shellX-ssh/ssh_host_rsa_key.pub: 2048 SHA256:DpP5/EfbApVUwseVeQOVpAFvGiZIJmYmjUyC4Cnuatk root@nfsadm (RSA)
Actually compare a fingerprint when establishing a session